Miscellaneous

Question 1

What is AWS Import/Export?

Answer 1

Accelerates moving huge amounts of data, you send in your storage device such as a hard drive, Amazon puts your data onto AWS and sends the device back

Question 2

What is AWS Trusted Advisor?

Answer 2

Service which inspects your AWS environment and makes recommendations when opportunities may exist to save money, improve system performance, or close security gaps

Question 3

Is SSL Termination supported on ELBs?

Answer 3

Yes

Question 4

What is WAF?

Answer 4

Web Application Firewall - It helps protect web applications from common exploits, working with CloudFront and ELBs

Question 5

What is recommended for highest security in your AWS system?

Answer 5

MFA
Communicate via SSL/TLS
Monitor user activity with CloudTrail

Question 6

True or false: When creating a new security group, all outgoing traffic is allowed by default

Answer 6

True

Question 7

What is OpsWorks?

Answer 7

Orchestration servcie that uses Chef

Question 8

What does it mean that ELBs support SSL Termination?

Answer 8

ELBs handle decryption of encrypted data, so data sent from an ELB to an instance is non ecrypted, EC2 instances behind them don’t have to deal with decryption

Question 9

How can you get a vulnerability scan on your AWS system?

Answer 9

You can request one from Amazon

Question 10

What credentialing type is used to access AWS Management Console?

Answer 10

MFA

Question 11

What credentialing type is used for CLI or SDK access to a EC2 Instance?

Answer 11

Access key ID and secret access key

Question 12

True or false: When creating a new security group, all incoming traffic is allowed by default

Answer 12

False. It is all denied

Question 13

Security in the cloud consists of what 4 areas?

Answer 13

Data protection
Privilege management
Infrastructure protection
Detective controls

Question 14

What credentialing type is used to access AWS APIs via SOAP requests?

Answer 14

X.509 certificates

Question 15

Explain the shared security model

Answer 15

Amazon is responsible for securing the underlying infrastructure that supports the cloud, and you are responsible for anything you put on the cloud or connect to the cloud

Question 16

What is Privilege Management, and how is it implemented?

Answer 16

It ensures that only authenticated and authorized users have access to resources, in the manner intended. Includes:
Access Control Lists
Role-based access controls
Password Management, such as rotation policies

Question 17

In what ways can Amazon initiate the movement of data between regions?

Answer 17

It can’t. Amazon will never initiate the movement of data between regions

Question 18

What is Direct Connect?

Answer 18

Allows you to connect your own equipment to AWS dedicated rack space directly, bypassing ISPs and the internet altogether

Question 19

Who is responsible for the security of AWS managed services such as DynamoDB, RSD, etc?

Answer 19

Amazon

Question 20

What is KMS?

Answer 20

Key Management Service, a managed service that lets you create and control the encryption keys used to encrypt data

Question 21

What credentialing type is used to access EC2 Instances via SSH, or cloudFront URLs?

Answer 21

Key pairs

Question 22

What is CloudFormation?

Answer 22

Service which allows you to set up an entire infrastructure in code, which can be saved and used later to create another entire infrastructure

Question 23

Describe the data protection best practices

Answer 23

Data classification should be in place before architecting security practices. Data should be classified as:
Publicly available
Available on within org
Available to section of org
Etc.
You should also develop a least privilege system so that people can only see what they need
Everything should be encrypted, both at rest and in transit

Question 24

What is used to isolate instances running on the same physical machine from each other?

Answer 24

Xen Hypervisor

Question 25

What is Amazon Elastic Container Service?

Answer 25

Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances.

Question 26

What is ECR?

Answer 26

EC2 Container Registry - A repository for storing Docker containers in AWS

Question 27

How is Amazon ECS different from AWS Elastic Beanstalk?

Answer 27

Elastic Beanstalk is ideal if you want to leverage the benefits of containers but just want the simplicity of deploying applications from development to production by uploading a container image. You can work with Amazon ECS directly if you want more fine-grained control for custom application architectures.

Question 28

Does Amazon ECS support any other container types besides Docker?

Answer 28

No

Question 29

What are ECS Tasks?

Answer 29

Tasks allow you to define a set of containers that you would like to be placed together (or part of the same placement decision), their properties, and how they may be linked. Tasks include all the information that Amazon ECS needs to make the placement decision.

Question 30

What is a service in ECS?

Answer 30

A service allows you to run and maintain a specified number (the “desired count”) of simultaneous instances of a task definition in an ECS cluster.

Question 31

What is an ECS Cluster?

Answer 31

A logical group of EC2 instances that you can place continers into

Question 32

What are the three different ways to create an ECS cluster?

Answer 32

AWS console
CLI
CloudFormation

Question 33

What is a use case for AWS Directory Service for microsoft Active Directory?

Answer 33

Microsoft AD is your best choice if you need actual Active Directory features to support AWS applications or Windows workloads, including Amazon Relational Database Service for Microsoft SQL Server. It’s also best if you want a standalone AD in the AWS Cloud that supports Office 365 or you need an LDAP directory to support your Linux applications.

Question 34

What is the use case for AD Connector?

Answer 34

AD Connector is your best choice when you want to use your existing on-premises directory with compatible AWS services.

Question 35

What is the use case for Simple AD?

Answer 35

You can use Simple AD as a standalone directory in the cloud to support Windows workloads that need basic AD features, compatible AWS applications, or to support Linux workloads that need LDAP service.

Question 36

Describe a pre-signed URL

Answer 36

A pre-signed URL gives you access to the object identified in the URL, provided that the creator of the pre-signed URL has permissions to access that object. S3 Pre-signed URLs can be used to provide a temporary 3rd party access to private objects in S3 buckets.

Question 37

What is the difference between a Dedicated Instance and a Dedicated Host?

Answer 37

You can use Dedicated Hosts and Dedicated instances to launch Amazon EC2 instances on physical servers that are dedicated for your use. An important difference between a Dedicated Host and a Dedicated instance is that a Dedicated Host gives you additional visibility and control over how instances are placed on a physical server, and you can consistently deploy your instances to the same physical server over time. As a result, Dedicated Hosts enable you to use your existing server-bound software licenses and address corporate compliance and regulatory requirements.

Question 38

What are elastic IP Addresses?

Answer 38

Public IP addresses (IPv4 only) which can be associated and disassociated with AWS Services as needed

Question 39

True or false: EIPs are limited to a single region

Answer 39

True

Question 40

how many EIPs can you have per account?

Answer 40

5

Question 41

how many EIPs can you have per account?

Answer 41

5

Question 42

How many ENIs can you have per instance?

Answer 42

Depends on instance size

Question 43

What is enhanced networking?

Answer 43

Enhanced networking provides higher bandwidth, higher packet-per-second (PPS) performance, and consistently lower inter-instance latencies.

If your packets-per-second rate appears to have reached its ceiling, you should consider moving to enhanced networking because you have likely reached the upper thresholds of the VIF driver.